<?php

/**
 * Description of ContentAdminUsers
 *
 * @author Honza, Tung
 */
class ContentAdminUsers implements IMainBodyWithInteraction {

  private $showTable = true;	//show data which is selected from DB 
  private $showForm = true;		//show form for add or edit data
  private $error;

  public function action() {
	//delete a row base on user ID
    if ($_GET['a'] == 'erase') {
      $addressID = DB::sql('select id_address from ' . TBL_USERS . ' where id_user = ' . $_GET['ida']);

      DB::sql('delete from ' . TBL_ADDRESSES . ' where id_address = ' . $addressID[0]['id_address']);
      DB::sql('delete from ' . TBL_USERS . ' where id_user = ' . $_GET['ida']);
    }
  }

  public function applyForm($formID = NULL) {
	//remove special character before set value for variable
    if (isset($_POST['userEdit'])) {
      $login = addslashes($_POST['login']);
      $pass1 = addslashes($_POST['pass1']);
      $name = addslashes($_POST['name']);
      $surname = addslashes($_POST['surname']);
      $street = addslashes($_POST['street']);
      $sn = addslashes($_POST['sn']);
      $city = addslashes($_POST['city']);
      $postalCode = addslashes($_POST['postalCode']);
      $email = addslashes($_POST['email']);
      $mobile = addslashes($_POST['mobile']);
      $role = $_POST['role'];
      $userID = $_POST['ida'];


      //check blank fields
      if (!$name || !$surname || !$email || !$city) {
        $this->showForm = true;
        $this->error .="You didn´t fill all compulsory fields<br />\n";
      } else {
        
         
        if (!filter_var("$email", FILTER_VALIDATE_EMAIL)) {
          $this->error .= "Email isn´t valid" . BR;
          return;
        }

        $this->showForm = false;

        //update user
        $sql = 'update ' . TBL_USERS . " set ";
        $sql .= "name='$name', surname='$surname', email='$email', ";
        $sql .= "mobile='$mobile', id_role=$role where id_user='$userID'";
        DB::sql($sql);

        //update password
        if ($login && $pass1) {
          $pass = Auth::encrypt($pass1, $login);
          $sql = 'update ' . TBL_USERS . " set login='$login', pass='$pass' where id_user='$userID'";
          DB::sql($sql);
        }

        //update address table
        $sql = 'select * from ' . TBL_USERS . " where id_user='$userID'";
        $user = DB::sql($sql);

        $sql = 'update ' . TBL_ADDRESSES . " set street='$street', cp='$sn', city='$city', postal_code='$postalCode'";
        $sql .= ' where id_address=' . $user[0]['id_address'];
        DB::sql($sql);
      }
    }
  }

  //getContent function is called automatically 
  public function getContent() {
    $content = '<h2>Users</h2>';
    $content .= $this->action();
    $this->applyForm();

    $form = $this->getForm();
    if ($this->showTable) {
      $content .= '<a href="index.php?where=register">Create user</a>';
    }
    $content .= $form;
    $content .= $this->getTable();

    return $content;
  }

  //create form for editing information of user
  public function getForm($formID = NULL, $error = NULL) {
    if ($_GET['a'] == 'edit' && $this->showForm) {
      $this->showTable = false;
      
      $sql = 'select * from ' . TBL_USERS . '';
      $sql .= ' join ' . TBL_ROLES . ' using(id_role)';
      $sql .= ' join ' . TBL_ADDRESSES . ' using(id_address)';
      $sql .= ' where id_user = ' . $_GET['ida'];
      $result = DB::sql($sql);

      $login = $result[0]['login'];
      $pass1 = '';
      $name = $result[0]['name'];
      $surname = $result[0]['surname'];
      $street = $result[0]['street'];
      $sn = $result[0]['sn'];
      $city = $result[0]['city'];
      $postalCode = $result[0]['postal_code'];
      $email = $result[0]['email'];
      $mobile = $result[0]['mobile'];

      $f = new Form();
      $f->startForm("self", "post", null, array("class" => "form_settings"));
      $f->addDescription("Login information");
      $f->addLabel("Login*", "login")->addInput("text", "login", $login);
      $f->addLabel("Password", "pass1")->addInput("text", "pass1", $pass1);
      $f->addDescription("Personal information");
      $f->addLabel("Name*", "name")->addInput("text", "name", $name);
      $f->addLabel("Surname*", "surname")->addInput("text", "surname", $surname);
      $f->addLabel("Email*", "email")->addInput("text", "email", $email);
      $f->addLabel("Mobile", "mobile")->addInput("text", "mobile", $mobile);
      $f->addDescription("Address");
      $f->addLabel("Street", "street")->addInput("text", "street", $street);
      $f->addLabel("Street number", "sn")->addInput("text", "sn", $sn);
      $f->addLabel("City*", "city")->addInput("text", "city", $city);
      $f->addLabel("Postal code", "postalCode")->addInput("text", "postalCode", $postalCode);
      $f->addInput('hidden', 'ida', $_GET['ida']);
      $f->addDescription("Role");
      $sql_role = 'select * from ' . TBL_ROLES . ' order by title';

      $f->addLabel('Role', 'role')->addSelectionBox('role', DB::sql($sql_role), 'title', 'id_role', $result[0]['id_role']);
      $f->addLabel("&nbsp;", "")->addInput("submit", "userEdit", "Edit user", array("class" => "submit"));
      $f->endForm();
      
      return '<p class="error">' . $this->error . '</p>' . $f->getForm();
    }
  }

  public function getSubmitedForm() {
    
  }

  //create table to show data 
  public function getTable($tableID = NULL) {
    if ($this->showTable) {
      //table of all users
      $sql = 'select * from ' . TBL_USERS . '';
      $sql .= ' join ' . TBL_ROLES . ' using(id_role) order by upper(surname), upper(name)';
      $result = DB::sql($sql);


      $table = '<table>';
      $table .= '<tr>';
      $table .= '<th>Name</th><th>Surname</th><th>Role</th><th>Edit</th><th>Erase</th>';
      $table .= '</tr>';
      foreach ($result as &$row) {
        $userID = $row['id_user'];
        $table .= '<tr>';
        $table .= '<td>' . $row['name'] . '</td>';
        $table .= '<td>' . $row['surname'] . '</td>';
        $table .= '<td>' . $row['title'] . '</td>';
        $table .= '<td><a href="index.php?where=admin&subwhere=users&a=edit&ida=' . $userID . '">Edit</a></td>';
        $table .= '<td><a href="index.php?where=admin&subwhere=users&a=erase&ida=' . $userID . '">Erase</a></td>';
        $table .= '</tr>';
      }
      $table .= '';
      $table .= '</table>';

      return $table;
    }
  }

}

?>
